Roles and permissions for VMware Cloud Director
The following table provides information about the platform management roles and permissions for VMware Shared.
- Minimum - roles with the bare minimum permissions in VMware Cloud Director.
- VMware Cloud Director - roles that are provided by VMware Cloud Director. For more information, see Rights in predefined global tenant roles.
- Custom - roles that are custom-defined by IBM.
| Platform management role | Actions | Level of permission |
|---|---|---|
| Reader | Read-only actions to view service-specific resources. | Minimum |
| Writer | Create and edit service-specific resources. | Minimum |
| Manager | Privileged actions as defined by the service in addition to create and edit service-specific resources. | Custom |
| Viewer | Read-only actions to view the summary and details of instances. | Minimum |
| Operator | Read-only actions. For example, list instances and view instance details. | Minimum |
| Editor | Update a specific instance. For example, add or remove VMware ESXiâ„¢ servers, clusters, and services; upgrade an instance to a higher version. | Minimum |
| Administrator | Full management access. For example, create new instances, delete instances, and grant platform access to other users. | Custom |
| Director Full Viewer | All view access to every component in VMware Cloud Director. | Custom |
| Director vApp Author | Use catalogs and create vApps in VMware Cloud Director. | VMware Cloud Director |
| Director vApp User | Use existing vApps in VMware Cloud Director. | VMware Cloud Director |
| Director Catalog Author | Create and publish catalogs in VMware Cloud Director. | VMware Cloud Director |
| Director Network Admin | Create, view, edit, delete the subnet, the static route, and troubleshoot routing in VMware Cloud Director. | Custom |
| Director Console User | View a virtual machine state, properties, and use the guest operating system in VMware Cloud Director. | VMware Cloud Director |
| Director Backup User | Manage Veeam® backup jobs in VMware Cloud Director. | Custom |
Custom defined roles and permissions
The following table provides information about roles that are custom-defined by IBM.
| Permission | Manager | Administrator | Director Full Viewer | Director Network Admin | Director Security Admin | Director Backup User |
|---|---|---|---|---|---|---|
| Access Control List: Manage |  |
|
|
|||
| Access Control List: View | |
|
|
|
|
|
| Access All Organization VDCs | |
|
|
|
|
|
| Alternate Admin Entity: View | |
|
|
|
||
| API Explorer: View | |
|
|
|
||
| API Tokens: Manage | |
|
||||
| API Tokens: Manage All | |
|
||||
| Catalog: Add vApp from My Cloud | |
|
||||
| Catalog: Change Owner | |
|
||||
| Catalog: Create / Delete a Catalog | |
|
||||
| Catalog: Edit Properties | |
|
||||
| Catalog: Publish | |
|
||||
| Catalog: Shadow VM View | |
|
|
|
||
| Catalog: Sharing | |
|
||||
| Catalog: VCSP Publish Subscribe | |
|
||||
| Catalog: View ACL | |
|
|
|||
| Catalog: View Private and Shared Catalogs | |
|
|
|
|
|
| Catalog: View Published Catalogs | |
|
|
|
||
| Certificate Library: Manage | |
|
||||
| Certificate Library: View | |
|
|
|
||
| Custom entity: View all custom entity instances in org | |
|
|
|
||
| Custom entity: View custom entity instance | |
|
|
|
||
| Extension Service API Definition: Manage | |
|
||||
| Extension Service API Definition: View | |
|
|
|||
| Extension Services: View | |
|
|
|||
| Extensions: View | |
|
|
|||
| External Service: Manage | |
|
||||
| External Service: View | |
|
|
|||
| General: Administrator Control | |
|
|
|||
| General: Administrator View | |
|
|
|
|
|
| General: Send Notification | |
|
||||
| General: View Error Details | |
|
|
|
|
|
| Group / User: Manage | |
|
||||
| Group / User: View | |
|
|
|
|
|
| Hybrid Cloud Operations: Acquire control ticket | |
|
||||
| Hybrid Cloud Operations: Acquire from-the-cloud tunnel ticket | |
|
||||
| Hybrid Cloud Operations: Acquire to-the-cloud tunnel ticket | |
|
||||
| Hybrid Cloud Operations: Create from-the-cloud tunnel | |
|
||||
| Hybrid Cloud Operations: Create to-the-cloud tunnel | |
|
||||
| Hybrid Cloud Operations: Delete from-the-cloud tunnel | |
|
||||
| Hybrid Cloud Operations: Delete to-the-cloud tunnel | |
|
||||
| Hybrid Cloud Operations: Update from-the-cloud tunnel endpoint tag | |
|
||||
| Localization Resources: Manage | |
|
||||
| Metadata File Entry: Create/Modify | |
|
||||
| Network Pool: View | |
|
|
|
|
|
| Object Extensions: Manage | |
|
||||
| Object Extensions: View | |
|
|
|||
| Organization Network: Create or Delete | |
|
|
|||
| Organization Network: Edit Properties | |
|
|
|||
| Organization Network: View | |
|
|
|
|
|
| Organization vDC Compute Policy: View | |
|
|
|
|
|
| Organization vDC Disk: View IOPS | |
|
|
|
||
| Organization vDC Gateway: Configure BGP Routing | |
|
|
|||
| Organization vDC Gateway: Configure DHCP | |
|
|
|||
| Organization vDC Gateway: Configure DNS | |
|
|
|||
| Organization vDC Gateway: Configure ECMP Routing | |
|
|
|||
| Organization vDC Gateway: Configure Firewall | |
|
|
|||
| Organization vDC Gateway: Configure IPsec VPN | |
|
|
|||
| Organization vDC Gateway: Configure L2 VPN | |
|
|
|||
| Organization vDC Gateway: Configure Load Balancer | |
|
|
|||
| Organization vDC Gateway: Configure NAT | |
|
|
|||
| Organization vDC Gateway: Configure OSPF Routing | |
|
|
|||
| Organization vDC Gateway: Configure Remote Access | |
|
|
|||
| Organization vDC Gateway: Configure Route Advertisement | |
|
|
|||
| Organization vDC Gateway: Configure SLAAC Profile | |
|
|
|||
| Organization vDC Gateway: Configure SSL VPN | |
|
|
|||
| Organization vDC Gateway: Configure Static Routing | |
|
|
|||
| Organization vDC Gateway: Configure Syslog | |
|
|
|||
| Organization vDC Gateway: Convert to Advanced Networking | |
|
|
|||
| Organization vDC Gateway: View | |
|
|
|
||
| Organization vDC Gateway: View BGP Routing | |
|
|
|
||
| Organization vDC Gateway: View DHCP | |
|
|
|
|
|
| Organization vDC Gateway: View DNS | |
|
|
|
|
|
| Organization vDC Gateway: View Firewall | |
|
|
|
|
|
| Organization vDC Gateway: View IPsec VPN | |
|
|
|
||
| Organization vDC Gateway: View L2 VPN | |
|
|
|
|
|
| Organization vDC Gateway: View Load Balancer | |
|
|
|
|
|
| Organization vDC Gateway: View NAT | |
|
|
|
|
|
| Organization vDC Gateway: View OSPF Routing | |
|
|
|
|
|
| Organization vDC Gateway: View Remote Access | |
|
|
|
||
| Organization vDC Gateway: View Route Advertisement | |
|
|
|
|
|
| Organization vDC Gateway: View SLAAC Profile | |
|
|
|
|
|
| Organization vDC Gateway: View SSL VPN | |
|
|
|
|
|
| Organization vDC Gateway: View Static Routing | |
|
|
|
|
|
| Organization vDC Named Disk: Change Owner | |
|
||||
| Organization vDC Named Disk: Create | |
|
||||
| Organization vDC Named Disk: Delete | |
|
||||
| Organization vDC Named Disk: Edit Properties | |
|
||||
| Organization vDC Named Disk: Move | |
|
||||
| Organization vDC Named Disk: View Encryption Status | |
|
|
|
|
|
| Organization vDC Named Disk: View Properties | |
|
|
|
|
|
| Organization vDC Network: Edit Properties | |
|
|
|||
| Organization vDC Network: View | |
|
||||
| Organization vDC Network: View Properties | |
|
|
|
|
|
| Organization vDC Storage Policy: View Capabilities | |
|
||||
| Organization vDC Storage Profile: Set Default | |
|
||||
| Organization vDC: Edit | |
|
||||
| Organization vDC: Edit ACL | |
|
|
|||
| Organization vDC: Manage Firewall | |
|
||||
| Organization vDC: Simple Edit | |
|
||||
| Organization vDC: User View | |
|
||||
| Organization vDC: View | |
|
|
|
|
|
| Organization vDC: View ACL | |
|
|
|
|
|
| Organization vDC: View CPU and Memory Reservation | |
|
|
|
|
|
| Organization VDC: view metrics | |
|
|
|
|
|
| Organization vDC: VM-VM Affinity Edit | |
|
||||
| Organization: Edit Association Settings | |
|
||||
| Organization: Edit Federation Settings | |
|
||||
| Organization: Edit Leases Policy | |
|
||||
| Organization: Edit OAuth Settings | |
|
||||
| Organization: Edit Password Policy | |
|
||||
| Organization: Edit Properties | |
|
||||
| Organization: Edit Quotas Policy | |
|
||||
| Organization: Edit SMTP Settings | |
|
||||
| Organization: Import User/Group from IdP while Editing VDC ACL | |
|
||||
| Organization: Perform Administrator Queries | |
|
|
|
||
| Organization: View | |
|
|
|
|
|
| Organization: view metrics | |
|
|
|
||
| Provider Network: View | |
|
|
|
||
| Provider vDC: View | |
|
|
|
||
| Quota Policy Capabilities: View | |
|
|
|
|
|
| Resource Class Action: Manage | |
|
||||
| Resource Class Action: View | |
|
|
|||
| Role: Create, Edit, Delete, or Copy | |
|
||||
| Security Tag Edit | |
|
||||
| Selector Extensions: Manage | |
|
||||
| Selector Extensions: View | |
|
|
|||
| Service Authorization: Manage | |
|
||||
| Service Configuration: Manage | |
|
||||
| Service Configuration: View | |
|
|
|||
| Service Link: Manage | |
|
||||
| Service Link: View | |
|
|
|||
| Service Resource Type: Manage | |
|
||||
| Service Resource Type: View | |
|
|
|||
| Service Resource: Manage | |
|
||||
| Service Resource: View | |
|
|
|||
| Service Library: View service libraries | |
|
|
|
|
|
| SSL: Test Connection | |
|
|
|
|
|
| Truststore: Manage | |
|
|
|||
| Truststore: View | |
|
|
|
|
|
| UI Plugins: Define Upload Modify Delete Associate or Disassociate | |
|
||||
| UI Plugins: View | |
|
|
|
|
|
| UI Plugins: View | |
|
|
|||
| vApp Template / Media: Copy | |
|
||||
| vApp Template / Media: Create / Upload | |
|
||||
| vApp Template / Media: Edit | |
|
||||
| vApp Template / Media: View | |
|
|
|
|
|
| vApp Template: Add to My Cloud | |
|
||||
| vApp Template: Change Owner | |
|
||||
| vApp Template: Download | |
|
||||
| vApp: Change Owner | |
|
||||
| vApp: Copy | |
|
||||
| vApp: Create / Reconfigure | |
|
||||
| vApp: Delete | |
|
||||
| vApp: Download | |
|
||||
| vApp: Edit Properties | |
|
|
|||
| vApp: Edit VM Compute Policy | |
|
||||
| vApp: Edit VM CPU | |
|
||||
| vApp: Edit VM Hard Disk | |
|
||||
| vApp: Edit VM Memory | |
|
||||
| vApp: Edit VM Network | |
|
|
|||
| vApp: Edit VM Properties | |
|
|
|||
| vApp: Manage VM Password Settings | |
|
||||
| vApp: Power Operations | |
|
||||
| vApp: Shadow VM View | |
|
|
|
|
|
| vApp: Sharing | |
|
||||
| vApp: Snapshot Operations | |
|
||||
| vApp: Upload | |
|
||||
| vApp: Use Console | |
|
|
|||
| vApp: View ACL | |
|
|
|
|
|
| vApp: View VM and VM's Disks Encryption Status | |
|
|
|
|
|
| vApp: View VM metrics | |
|
|
|
|
|
| vApp: VM Boot Options | |
|
||||
| vApp: VM Metadata to vCenter | |
|
||||
| vApp: VM Migrate, Force Undeploy, Relocate, Consolidate | |
|
|
|||
| VCD Extension: Register, Unregister, Refresh, Associate or Disassociate | |
|
||||
| VCD Extension: View | |
|
|
|||
| VDC Group: Configure | |
|
||||
| VDC Group: Configure Logging | |
|
||||
| VDC Group: View | |
|
|
|
|
|
| VDC Template: Instantiate | |
|
||||
| VDC Template: View | |
|
|
|
||
| vGPU Profile Consumption: View | |
|
|
|||
| Organization vDC Shared Named Disk: Create | |
|
||||
| vApp: Allow Matching Extra Config | |
|
||||
| vApp: Allow All Extra Config | |
|
||||
| VAPP_VM_METADATA_TO_VCENTER | |
|
||||
| Catalog: CLSP Publish Subscribe | |
|
||||
| Catalog: VCSP Publish Subscribe Caching | |
|
||||
| vApp Template: Checkout | |
|